Vulnerability CVE-2020-14370


Published: 2020-09-23

Description:
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Redhat -> Openshift container platform 
Redhat -> Enterprise linux 
Podman project -> Podman 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=1874268

Copyright 2024, cxsecurity.com

 

Back to Top